By Michael Lipin
The Iranian government said Tuesday it has produced an antivirus program capable of fighting what computer experts are calling “the most sophisticated cyber weapon yet unleashed.”
The data-stealing virus has been infecting computers in Iran and other parts of the Middle East.
Iran’s Computer Emergency Response Team Coordination Center (CERTCC) said Tuesday the antivirus tool can identify and remove the sophisticated spyware, identified a day earlier by a Russian Internet security company. The Iranian ministry did not say if the virus had done any damage.
Russia’s Kaspersky Lab dubbed the virus “Flame” and described it as a malicious program whose “complexity and functionality exceed those of all other cyber menaces known to date.” It said virus has stolen information from computers in Iran, Israel and other parts of the region.
In a separate report, the Hungarian Laboratory of Cryptography and System Security named the virus “sKyWIper” and said Hungarian computers also have been infected.
The spyware works by copying files and activating computer microphones to record conversations before sending the data through a series of servers to the program source.
No one has claimed responsibility for the computer attacks.
But Israeli Vice Premier Moshe Yaalon said Tuesday cyber weapons such as Flame are a “reasonable” tool for any nation trying to “hobble” the threat of a nuclear-armed Iran. He also said Israel is a “technologically rich” nation whose tools “open up all sorts of opportunities.”
Tensions between Iran and Israel have increased steadily in recent months, as has speculation about a possible Israeli strike against Iran’s nuclear sites. Iran says its controversial nuclear program is peaceful. But talks have been continuing with world powers to curb Iran’s weapons capability.
Iran suffered a major cyberattack in 2010 when a virus known as Stuxnet knocked out computers at its nuclear facilities. Tehran has blamed the Stuxnet attack on Israel and the West, whom it accuses of trying to sabotage the Iranian nuclear program.
The head of science, technology and security at Tel Aviv University, Isaac Ben-Israel, said the Flame virus uses a different software language from Stuxnet, making it unlikely the two are related. He also said Flame is the largest virus of its kind ever detected with a file size of 20 megabytes.
Ben-Israel said Flame is not the most dangerous virus because it steals information rather than causing damage in the physical world.
“If you speak about danger, the real danger in using cyber technology is damaging computers which control physical systems like trains and power production,” he said.
Ben-Israel said the virus appears to be the work of a government with sufficient resources to invest in gathering intelligence from the Middle East. He said 60 to 70 countries have such capabilities, but doubted the Israeli government is responsible because Israel is among the nations whose computers have been infected.